Miscellaneous Tech News
-
@DustinB3403 said in Miscellaneous Tech News:
New Windows 10 build silences Cortana, brings passwordless accounts
The latest Insider build of Windows 10, 18309, expands the use of a thing that Microsoft has recently introduced: passwordless Microsoft accounts. It's now possible to create a Microsoft account that uses a one-time code delivered over SMS as its primary authenticator, rather than a conventional password.
yeah - now it's evey easier to hack people.
And apparently the NIST has been bought off to reduce their stance on SMS 2FA
https://blog.vasco.com/authentication/sms-authentication/ -
@Dashrender no one said it was a stepped improvement. They also have biometrics (face, fingerprint) as well as pin options.
They are working to remove the password complexity requirement and put something else in place of it.
-
Which ideally if they could come up with a Correct Horse Shoe Battery Staple algorithm and generate random passwords based on dictionary words they likely would be better off.
But how can one trust that the computer and ISO isn't compromised at installation time or to make sure that algorithm hasn't been cracked. . .
-
@DustinB3403 said in Miscellaneous Tech News:
Which ideally if they could come up with a Correct Horse Shoe Battery Staple algorithm and generate random passwords based on dictionary words they likely would be better off.
But how can one trust that the computer and ISO isn't compromised at installation time or to make sure that algorithm hasn't been cracked. . .
Secure boot and hash verification.
-
@JaredBusch said in Miscellaneous Tech News:
@DustinB3403 said in Miscellaneous Tech News:
Which ideally if they could come up with a Correct Horse Shoe Battery Staple algorithm and generate random passwords based on dictionary words they likely would be better off.
But how can one trust that the computer and ISO isn't compromised at installation time or to make sure that algorithm hasn't been cracked. . .
Secure boot and hash verification.
That was my point, the solution already exists. But no one has implemented said algorithm in their systems.
-
People don't want to use generated passwords if they can avoid it.
The push OTP is an awesome idea - my only criticism was they pushing to SMS, and not the app.
-
@Dashrender said in Miscellaneous Tech News:
People don't want to use generated passwords if they can avoid it.
The push OTP is an awesome idea - my only criticism was they pushing to SMS, and not the app.
Well the issue is that a password generated by a person generally just sucks. If the process of passwords were to be changed, one such option would be to use randomly generated passwords like CHSBS.
-
@DustinB3403 said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
People don't want to use generated passwords if they can avoid it.
The push OTP is an awesome idea - my only criticism was they pushing to SMS, and not the app.
Well the issue is that a password generated by a person generally just sucks. If the process of passwords were to be changed, one such option would be to use randomly generated passwords like CHSBS.
That's great - I suppose you could force people to use the passwords that systems make for them - not allowing them to change them to something that the user themself's want. That just means they'll write it down and potentially write it directly on the computer - I guess the hackers can't read it at least.
-
@Dashrender and to that same point, how many times has a user changed their password only to forget it and need it changed again. Or write it down when they change it and have arbitrary requirements like in the CHSBS example?
-
@DustinB3403 said in Miscellaneous Tech News:
@Dashrender and to that same point, how many times has a user changed their password only to forget it and need it changed again. Or write it down when they change it and have arbitrary requirements like in the CHSBS example?
I'm all for getting rid of passwords - just don't use SMS as a part of the fix.
-
@Dashrender said in Miscellaneous Tech News:
@DustinB3403 said in Miscellaneous Tech News:
@Dashrender and to that same point, how many times has a user changed their password only to forget it and need it changed again. Or write it down when they change it and have arbitrary requirements like in the CHSBS example?
I'm all for getting rid of passwords - just don't use SMS as a part of the fix.
I like using Chrome's built-in password manager and generator. So long as you can use Chrome, you don't need to know the password. If you need to know it, you can always go in and check.
-
I use lastpass for almost everything. It's nice for things like websites, but it would be a pain for things like computer logins.
-
@Donahue said in Miscellaneous Tech News:
I use lastpass for almost everything. It's nice for things like websites, but it would be a pain for things like computer logins.
As far as I know, nothing works for computers logins - at least regarding an automated way to enter the information.
Pulling the info out of Lastpass is generally easy enough though - I get it on my phone when I'm not at my own computer.
-
@Donahue said in Miscellaneous Tech News:
I use lastpass for almost everything. It's nice for things like websites, but it would be a pain for things like computer logins.
I use KeePass for personal stuff and LastPass at work. For work, it's fine and has functionality which is great for work. But personally I couldn't use it as it's solely accessible from a browser.
KeePass I can access from my phone, desktop, laptop tablet and pretty much everything else.
-
@DustinB3403 said in Miscellaneous Tech News:
@Donahue said in Miscellaneous Tech News:
I use lastpass for almost everything. It's nice for things like websites, but it would be a pain for things like computer logins.
I use KeePass for personal stuff and LastPass at work. For work, it's fine and has functionality which is great for work. But personally I couldn't use it as it's solely accessible from a browser.
KeePass I can access from my phone, desktop, laptop tablet and pretty much everything else.
I use Lastpass from my phone - there's an app.
Assuming you're in a GUI on your desktop - what do you care if you're using the browser or a native app?
-
@Dashrender said in Miscellaneous Tech News:
@DustinB3403 said in Miscellaneous Tech News:
@Donahue said in Miscellaneous Tech News:
I use lastpass for almost everything. It's nice for things like websites, but it would be a pain for things like computer logins.
I use KeePass for personal stuff and LastPass at work. For work, it's fine and has functionality which is great for work. But personally I couldn't use it as it's solely accessible from a browser.
KeePass I can access from my phone, desktop, laptop tablet and pretty much everything else.
I use Lastpass from my phone - there's an app.
Assuming you're in a GUI on your desktop - what do you care if you're using the browser or a native app?
Just functionality wise it feels like it's lacking.
-
I also use the lastpass app on my phone, I can use my fingerprint to open it so I dont have to type in my super long master password.
-
@Dashrender said in Miscellaneous Tech News:
As far as I know, nothing works for computers logins - at least regarding an automated way to enter the information.
I believe automated logins are becoming more popular with the Windows Hello feature. I think Yubikey's can log you into Windows now.
Have Yubikey's ever come up here? I don't recall reading much about them.
-
Samsung sticks Nvidia RTX 2080 GPU inside new Odyssey gaming notebook
Yet another competitor for Acer, Alienware, Razer, and others to watch.
Samsung is making news at CES 2019—but not for an obvious reason. The Korean manufacturer announced its first new gaming laptop in quite some time: the Samsung Notebook Odyssey. While Samsung has made gaming devices with the Odyssey name, this new notebook appears to compete with similarly powerful and portable gaming PCs from the likes of Acer, Alienware, and Razer.
-
@mlnews wow, that's a nice card!
